1 files changed, 54 insertions, 0 deletions

diff --git a/lib/handshake.c b/lib/handshake.c
index 1633157230..72f531da13 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1471,6 +1471,7 @@ handshake_hash_add_recvd(gnutls_session_t session,
 {
 	int ret;
 	const version_entry_st *vers = get_version(session);
+	const version_entry_st *max = _gnutls_version_max(session);
 
 	if (unlikely(vers == NULL))
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1486,6 +1487,30 @@ handshake_hash_add_recvd(gnutls_session_t session,
 	    session->internals.handshake_hash_buffer.length;
 
 	if (vers->id != GNUTLS_DTLS0_9) {
+		if (max->id >= GNUTLS_DTLS1_3) {
+			/* DTLS 1.3 doesn't include message_seq, fragment_offset, and
+			 * fragment_length.
+			 */
+			if (header_size < 4) {
+				gnutls_assert();
+				return GNUTLS_E_INTERNAL_ERROR;
+			}
+			ret = _gnutls_buffer_append_data(&session->internals.
+							 handshake_hash_buffer,
+							 header, 4);
+			if (ret < 0) {
+				return gnutls_assert_val(ret);
+			}
+			header_size -= 4;
+			header += 4;
+
+			if (header_size < 8) {
+				gnutls_assert();
+				return GNUTLS_E_INTERNAL_ERROR;
+			}
+			header_size -= 8;
+			header += 8;
+		}
 		ret =
 		    _gnutls_buffer_append_data(&session->internals.
 					       handshake_hash_buffer,
@@ -1530,6 +1555,7 @@ handshake_hash_add_sent(gnutls_session_t session,
 {
 	int ret;
 	const version_entry_st *vers = get_version(session);
+	const version_entry_st *max = _gnutls_version_max(session);
 
 	if (unlikely(vers == NULL))
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1550,6 +1576,34 @@ handshake_hash_add_sent(gnutls_session_t session,
 
 		if (datalen == 0)
 			return 0;
+	} else if (max->id >= GNUTLS_DTLS1_3) {
+		/* DTLS 1.3 doesn't include message_seq, fragment_offset, and
+		 * fragment_length.
+		 */
+		if (datalen < 4) {
+			gnutls_assert();
+			return GNUTLS_E_INTERNAL_ERROR;
+		}
+
+		ret = _gnutls_buffer_append_data(&session->internals.
+						 handshake_hash_buffer,
+						 dataptr, 4);
+		if (ret < 0) {
+			return gnutls_assert_val(ret);
+		}
+		dataptr += 4;
+		datalen -= 4;
+
+		if (datalen < 8) {
+			gnutls_assert();
+			return GNUTLS_E_INTERNAL_ERROR;
+		}
+		dataptr += 8;
+		datalen -= 8;
+
+		if (datalen == 0) {
+			return 0;
+		}
 	}
 
 	ret =